1.1 Field of the Invention
The present invention relates to a method and device for setting basic means of access for operation of electronically operated devices, in particular a method and device for configuring and locking devices with the aid of a personal authentication system, in particular with the aid of SmartCards.
1.2 Disadvantages of the State of the Art
The term “device” in the context of the inventive concepts presented here is very broad and generalized. It covers a broad variety of equipment from small mobile phones or other small computer-controlled consumer devices with a certain, relatively low, level of computing power, through actual computers, to larger items of equipment such as motor vehicles, all the way up to control terminals for industrial processes, which may require authentication prior to operation. The prerequisite for all such “devices”, however, is that they have an electronic control to operate them—a feature found almost everywhere in today's world.
Custom configuration of devices is a key task in customer-oriented manufacturing processes. The current state of the art applies three basic configuration mechanisms to this end. Firstly, the devices can be configured at the factory to meet the needs of individual customers. The required software is installed in the devices during manufacture. This does, however, require precisely planned production processes with complex production planning systems, which are often not available, and so increases delivery times.
Secondly, configuration of the devices can be delegated to the customers. They can set up their devices by means of an installation disk, for example. However, the additional commitment demanded of the customer for such operations may result in significant competitive disadvantages, since the customer is not thoroughly trained in the programming logic of the devices in question. Furthermore, the procedure entails security issues, in particular where the functions being configured are operationally critical, or where the device manufacturer has to disclose internal information about the product. The distribution of this configuration information cannot be controlled.
Thirdly, many suppliers utilize online links, such as the Internet or the telephone, for custom configuration of devices or of plant comprising several such devices. This is relevant in the case of telephone systems, for example: Modern-day telephones are mostly equipped with the maximum possible functionality, but only the features ordered and paid for by the customer are actually activated. This means the devices can be produced in identical form in large volumes, and do not have to be configured and customized until on-site at the customer's location.
The use of such online links to update the software of installed telephone systems is doubtless the most flexible method at present, but it does require detailed information on the customers and their operational configuration, which is often not available.
Aspects such as protection of the configuration data in the event of resale of the system also need to be considered in this context. These security aspects can only be covered to a limited degree, for example by password protection when logging on to the manufacturer's or service provider's configuration server and when clearing the online link.
The first possibility outlined above is highly complex and cost-intensive for the manufacturer, in particular in relation to low-cost consumer electronics equipment.
With the latter two variants, it is difficult to ensure that users of the devices are prevented from illicitly using or passing on specific configurations for which they are not authorized.
A feature often closely linked in technical terms to the facility for configuring these devices is the facility for “configuring” them such that they are locked and no longer accessible for normal use.
One possibility offered by the state of the art for locking the hardware of such devices, and thus protecting the devices from misuse or theft, is familiar in relation to mobile phones and PCs.
The methods applied in those devices merely consist of input of a password, however. This creates a risk of misuse if the password becomes known. Furthermore, a four-digit code, as used in present-day mobile phones, for example, can be “cracked” very quickly with computer assistance.
Moreover, the level of user-friendliness is restricted, because the password can very easily be forgotten.
More complex locking functions which are not so easy to defeat, and which define cryptographic keys and various roles such as user, service engineer and system administrator, are not possible in conjunction with the existing methods.
As soon as state-of-the-art devices are equipped with more complex SmartCard-based security features, such applications are implemented in the state of the art as software. For example, the PC operating system Windows 2000 offers holders of a SmartCard associated with the PC the possibility of defining individual access rights to various files and setting up custom configurations. This method is based on the operating system, however, and can be deactivated by deleting the operating system from the hard disk. A potential thief would have unrestricted access to the system after reinstalling the operating system or replacing the hard disk.
Only the user data can be largely protected by the existing method.
1.3 Object of the Invention
The object of the present invention is consequently to create a reliable means of protecting such devices against unauthorized use in such a way that they become unattractive to a thief or any person intent on misuse.
A further object of the invention is to render such devices configurable in a user-friendly and secure way; that is, to make them accessible for individual, customized use by the customer.